Wireless VPN from WRT54GL?

Alan Dayley alandd at consultpros.com
Thu Jan 25 21:37:27 MST 2007


Kurt Granroth wrote:
> 
> I agree.  I had this exact scenario set up for a while with OpenVPN *but*
> with a Linux 'server' rather than a WRT.  However, I've got a WRT54g and
> I'm in middle-planning stage of setting that up just as you describe.

Since asking the question I have found a pretty good OpenVPN HowTo for
OpenWRT in the project wiki.
http://wiki.openwrt.org/HotspotOpenvpnHowto?highlight=%28openvpn%29
These instructions eliminate the bridge between the wireless and the
local LAN, which I would not do, but match what I have in mind otherwise.

> It used to be all about OpenWRT but lately, all the buzz seems to be
> around DD-WRT.  I see article after article about setting up this and
> that with DD-WRT but only rarely do you see such articles for other
> firmware upgrades.
> 
> I think this is because DD-WRT ships with so much by default (including
> OpenVPN) and has some nice web screens for configuring quite a bit of it.

I'll have to look at DD-WRT.

> Yeah, definitely OpenVPN.  Simple (relatively speaking) to set up, comes
> with DD-WRT, and has clients for everything under the sun.

Yes, OpenVPN looks like the way to go.

> Have you done performance testing with a simple peer-to-peer OpenVPN
> setup over wireless and are you satisfied with the performance?  I ask
> because when I first set things up before, I wanted it configured so
> that the *only* way you could get on the wireless network is through
> OpenVPN.  That is, no easily crackable WEP or WPA connections.  What I
> found, though, was that the added encryption layer over wireless, unless
> the signal strength was top-notch, was actually pretty noticeable.  I
> eventually turned it off for "normal" laptop use (email, web browsing,
> etc) since anything I care about in that realm is already encrypted at a
> client layer.  I still have it for those cases where it's a pain to
> tunnel protocols through stunnel or ssh (like AppleShare or RDP).

No, I have not done performance tests.  Again, the OpenWRT wiki links to
some performance tests that I have not read yet.
http://wiki.openwrt.org/openvpn?highlight=%28openvpn%29

This is a concern because I think once this is available, many more of
the wireless users will want to take advantage of it.  I don't know how
many VPN connections a router can handle.  I suppose a two-NIC server
handling VPN could sit between the access point and the rest of the
network if the load is too high.  I'll have to read the above reports.

This whole issue came up when I got wind that the purchase of a fairly
expensive wireless solution was in discussion.  (The IT people don't ask
me about stuff, I'm just a software engineer.)  I asked them why they
were going to spend so much money when a router running Linux could
probably do the job.  So, I was tasked with defining how the solution
would work, by tomorrow.

Alan




More information about the PLUG-discuss mailing list